Monday, August 13, 2018

What Suprises GCP Auditors?

Last month, I scheduled one-on-one discussions with our most experienced GCP auditors to ask each of them the same question: What surprises you most about the audits you conduct?

I guess you could say that I was the one who was surprised. I’m not sure exactly what I was expecting to hear, but I thought my teammates were going to talk about things that were new. Instead, I heard a lot more about things that have been around for a long time. To a person, my colleagues said they were surprised to be observing some of the same audit findings they were observing 30 years ago...which *is* surprising when you consider most of them were mere children at the time. ;-)  It seems we have some stubbornly persistent quality and compliance issues in the biopharma industry that decades of neither experience nor technology have seemed to remedy. And the problems are not just persistent; they’re interrelated.

Standard Operating Procedures (SOPs)
It’s quite common for auditors to encounter sponsors, CROs, and sites that lack an adequate set of SOPs to describe local procedures. There are several reasons for this. Sometimes it’s a lack of resources. Sometimes smaller, established organizations believe writing it all down is unnecessary, as “people know their jobs.” Sometimes newer companies are simply unaware that written procedures are required for particular operations. But when procedures are not documented, organizations are unable to demonstrate GCP compliance, cannot ensure that activities are performed correctly or consistently, and have difficulty training new staff members. (We’ll come back to training in a bit.)

Frequently missing from a good working set of SOPs are procedures for Disaster Recovery, Handling of Suspected Fraud, and Management of Regulatory Inspections. These SOPs are not used for day-to-day operations, so perhaps that’s why they don’t garner as much attention. Nevertheless, the inability to recover from a disaster, protect the organization from fraud allegations, or pass a regulatory inspection can sink a company.

A fourth SOP that is commonly absent from the set is the document that describes how to write, approve, distribute, revise, and retire SOPs. Also frequently missing from a working set of SOPs is our next topic: Training.

Training can be expensive and time-consuming, and companies increasingly have to do more with less. In-person training has largely been replaced by computer-based systems, on-site training has given way to distance learning, and mentoring has gone the way of the dodo.

The good news is that study sites typically adhere to formal GCP training requirements. What’s often missing, though, is the training that connects GCP concepts to everyday activities. A trainee might correctly answer a multiple-choice question about audit trails, but without that “last mile” of coaching, use Wite-Out to correct a source document error. This is where SOPs come in. When training is conducted using well-written SOPs, it can help bridge the gap between standard GCP training and specific site operations.

It is not uncommon for study-specific training to be lacking in CROs – protocol training, device training, computer systems user training. As part of their vendor oversight procedures (also an SOP!), sponsors should be making sure that CRO staff is adequately trained. 

Trial Master Files (TMFs)
Whether paper or electronic, it’s common for TMF documents to be missing or expired. Replacements for these documents can usually be produced and filed at the time of the audit. Misfiled documents are another matter; they are already there but cannot easily be found. Locating and refiling them essentially doubles the time and cost of the original effort. For example, documents from multiple labs, such as certificates, credentials, vendor audit results, etc., are often mistakenly commingled. Documents must be sorted and refiled so that each facility listed on the 1572 has its own file or electronic folder.

Another very common mistake is treating every document on letterhead as if it’s general correspondence. Search for the word “letter” in the DIA Reference Model and you can see how many opportunities exist for misclassifying correspondence. For example, an IND safety report sent by the sponsor on letterhead should be filed under “Notification of Safety Information,” Section 8.3.18 in ICH E6(R2), not “Relevant Communications,” Section 8.3.11. In an eTMF, an IRB approval letter belongs in 04.01.02, its designated DIA Reference Model position, not 04.04.01, which is reserved for general communication.

The root cause of these misfilings? The filer does not know enough about the filing structure of the TMF and often is not familiar enough with clinical research to know the purpose of each document and where it belongs. The corrective action? Training. Training on the TMF plan, the TMF Management SOP, ICH GCP, and study operations in general.

Technology to the Rescue?
No doubt, CTMSs, eTMFs, eCRFs, ePRO, and other systems have improved clinical operations and reduced error. However, three decades of technological advances have done little to address the most common quality and compliance issues encountered by GCP auditors – and by extension regulators. Some might find that discouraging, but isn’t it also a little satisfying that the solution to our most persistent problems comes down to human communication?

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

No comments:

Post a Comment